Issue with User Role in Redis Authentication

[murtazabaanihali]

Describe the Bug

Hello,

There is an issue when using Redis for user authentication. The problem is that only the user ID is being saved in the Redis database. Consequently, when the useAuth function in lib/middleware attempts to check if the user is an admin, it fails because the role property is missing.

Issue Description

In the useAuth function in lib/middleware, the user admin is being checked by the role property:

user.isAdmin = user.role === ROLES.admin;

However, when the user is authenticated using Redis, the role property is not present, leading to an incorrect admin status check.

Solution

To fix this issue, update the default export of src/pages/api/auth/login.ts. Currently, only the userId is saved in Redis:

if (redisEnabled) {
  const token = await saveAuth({ userId: user.id });
  return ok(res, { token, user });
}

Update this to include the role property as well:

if (redisEnabled) {
  const token = await saveAuth({ userId: user.id, role: user.role });
  return ok(res, { token, user });
}

This ensures that the role property is saved in Redis, allowing the useAuth function to accurately check the user's admin status.

Database

PostgreSQL

Relevant log output

Which Umami version are you using? (if relevant)

No response

Which browser are you using? (if relevant)

No response

How are you deploying your application? (if relevant)

No response

[mikecao]

Fixed in v2.16.0.